How Cryptocurrency May Be Driving a New Wave of Attacks on WordPress Websites

Let me start this off by saying that yes, WordPress is an incredibly secure platform. Simply by the nature of being open-source and having so many eyes on the code, vulnerabilities are fixed pretty quickly. The same goes for plugins and themes that may go awry.

That said, the surge in popularity–and monetary value–of various cryptocurrencies such as Bitcoin (BTC), Ethereum (ETH), and Monero (XMR) is bringing hackers and undesirables of all kinds out of the woodwork to try and get their grubby little hands all over your bits and bytes.

Generally speaking, you’re pretty good if you’re using WordFence, Sucuri, iThemes, or another trusted security plugin. These folks monitor everything people like you and me can’t even imagine, and they protect your site. However, one of the newest threats that’s arisen is for cryptocurrency miners to be maliciously installed on your WordPress sites to hijack your users’ computers.

Don’t fret, though. Let’s break this down and understand what’s going on and why.

Crypto What? And Why Should I Crypto-Care?

Forbes has a fantastic podcast rundown of what cryptocurrency is, and they explain it and blockchain to all us average people.

The short version is that it’s a very secure and tracked data system that can be used like money because of its built-in scarcity, top-end limits, and asset verification. Or, in other words, it’s money that you can’t counterfeit and will never, ever, ever exceed a set amount in the world (and we can prove it).

There are tons of different kinds of cryptocurrencies out there (there’s even a dogecoin), and as they’re adopted by more and more people, the value goes up (limited resources, after all).

And anytime something has value, bad people want to exploit that for their own gain. Hence, why you should care.

Where WordPress Comes In

You don’t earn cryptocurrency. You mine it. Without going into a ridiculous amount of detail, mining is using your computer to solve ridiculously complex math problems. Sometimes you get lucky and solve the problem. The answer is represented by a “coin” of whatever currency you’re digging for. Clear as mud, right?

Because of the processing power needed to get the coins, GPUs (graphics processors) are the most common hardware used to mine. But the currency Monero was designed from the ground up, according to WordFence, to be perfect for CPUs to mine. Everyone has a pretty good CPU these days–not so with GPUs.

In December 2017, WordFence noticed a huge uptick in attacks on WordPress sites. At first they didn’t know what was going on. Then…Monero happened.

Suddenly the reason for the frenzied brute-force attacks becomes very clear. At the beginning of this month, the price of Monero had barely broken $200. But its value has since skyrocketed, reaching $378 the day before the attacks started. Monero is designed so that it can be mined by regular CPUs, but that’s still not easy. Even for a hacker using compromised servers, the return on mining wasn’t that great – until recently.

But Why WordPress?

Historically, brute force attacks targeting WordPress have not been very successful. This new database provides fresh credentials that, when matched with a WordPress username, may provide a higher success rate for attackers targeting sites that do not have any protection.

In other words, with the awe-inspiring rate at which new WP sites are created, the likelihood of them both being left unsecured (i.e. no WordFence, iThemes, or Sucuri) and having easily cracked login information is ridiculously high. I mean, every single one of us has used something like Softaculous to put up a dummy site with throwaway logins and subsequently forgotten it was there.

The cryptocurrency hackers are taking advantage of folks like us and using those WP installs to backdoor their way into shared hosting servers, multisite networks, and all the connected, legit installations. They then put their own illicit JavaScript-based miners onto those sites and hijack visitors’ computers and CPUs to mine, generally, Monero because it is built to be as untraceable as possible.
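As an added example (not code from this article, WordFence, or Sucuri): one way to check a rendered page for an injected miner is to list every script it loads and flag any host you did not put there. The allowlist, the sample page, and the keyword list are assumptions; `coinhive` is the only miner name taken from the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this site is expected to load scripts from (constructed).
ALLOWED_HOSTS = {"example.com", "cdn.example.com"}
# "coinhive" is the miner service named in the article; extend as needed.
MINER_KEYWORDS = ("coinhive",)

# Constructed sample page, not captured from a real site.
SAMPLE = """<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="https://cdn.example.com/app.js"></script>
<script src="//static.unknown-host.invalid/lib.js"></script>
<script src="https://scripts.invalid/coinhive.min.js"></script>
<script>loadMiner("CoinHive", "PLACEHOLDER_KEY");</script>"""


class ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._inline = None  # text chunks of the inline script being read

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        host = (urlparse(src or "").hostname or "").lower()
        if src is None:
            self._inline = []  # inline script: collect its body
        elif any(k in src.lower() for k in MINER_KEYWORDS):
            self.findings.append(("miner-keyword", src))
        elif host and host not in ALLOWED_HOSTS:  # relative URLs have no host
            self.findings.append(("unexpected-host", src))

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            body = "".join(self._inline)
            if any(k in body.lower() for k in MINER_KEYWORDS):
                self.findings.append(("miner-keyword-inline", body.strip()[:80]))
            self._inline = None


def audit_page(html):
    parser = ScriptAudit()
    parser.feed(html)
    parser.close()
    return parser.findings  # list of (kind, detail) tuples
```

The unexpected-host check is the one that keeps working when the miner is renamed or self-hosted elsewhere, so keep the allowlist short and review every new entry.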

Like I said before, WordPress itself is a very secure platform (thanks in no small part to folks like WordFence and Sucuri who did all this research to help us), but it takes a little bit of action on our parts to make use of their hard work.

Where Do We Go From Here?

Well, the first thing is to change all your passwords and all your clients’ passwords. (I know, right?) That’s a pretty normal step, but it’s a pain.

Secondly, you’re going to want to make sure you have a good firewall and security plugin installed. Make sure you check out our own takes on WordFence and Sucuri to see some of what they offer.

These Kinds of Hacks are Not Going Anywhere

You should be aware, though, that with the popularity of cryptocurrencies, these kinds of hacks and compromises aren’t going anywhere. They’re here to stay, and we’re going to have to be vigilant.

Because we’re involved in an online platform as large as WordPress, we can’t deny that there’s a higher risk of being targeted. That’s just numbers. However, that risk is mitigated, like I said before, because of the outstanding community that we’re a part of.

Keep in mind that you should feel safe because you’re on WordPress, not threatened.

Riding the Crypto Wave

All that said, you should now be more aware of the place cryptocurrency (and the various cultures surrounding it) is establishing for itself. At this point, we have to accept it, whether we want to or not.

If you’re using the Coinhive method of advertising that Sucuri mentioned in their article (linked above and here), be aware of the risks. And if you didn’t know about Coinhive, make sure you check it out, too. It can be a legit way to earn–you just have to be careful.

And if you’re involved in any way with an ecommerce site, you should look into taking cryptocurrencies as payments. As much as this particular article was looking at the horror stories that can come from abuses of the system, there is massive potential for buyers and sellers to get fantastic deals monetarily when used correctly.

Either way, stay safe out there, Divi Nation, and good luck down in the mines!

What are your thoughts on cryptocurrency and WordPress? Have you been affected by this new wave of attacks?